The number of security incidents involving mobile devices has increased over the past year, but companies are not protecting their mobile assets as well as they do other systems. One in three organizations admitted to suffering a compromise due to a...

Digitally transforming enterprises are now able to seamlessly integrate a myriad of service providers and business partners globally through diverse private interconnections. Equinix’s Global Interconnection Index volume 2 (GXI2)...

Networking vendor Juniper Networks has rolled out a new security architecture that will connect and operate with an enterprise customer's existing stack of products.
Named ‘Juniper Connected Security’, the open platform automates...

Rapid digitalisation has resulted in a surge in both the number of endpoints and the means by which cybercriminals can infiltrate enterprise networks. Around the globe, the total financial damage due to cybercrimes is predicted to reach $8 trillion...

Topic

Global supply chains and trade networks are becoming more complex as a result of shifting patterns within the logistics industry, including changing demands of vendors and customers.
In reality, not all businesses are able to navigate these...

Public cloud services are a strategic weapon for CIOs. More than a way to cease operating data centers, the public cloud offers CIOs the ability to focus on strategic projects aimed at boosting the bottom line.
“As organizations pursue new...

One in three organizations suffered data breaches due to mobile devices

The number of security incidents involving mobile devices has
increased over the past year, but companies are not protecting
their mobile assets as well as they do other systems. One in
three organizations admitted to suffering a compromise due to a
mobile device, according to a new study by Verizon that surveyed
671 professionals in charge of mobile device procurement and
management in their organizations. This represents a 5 percent
increase compared to the results of a similar survey last year.

"Mobile devices are prone to many of the same attacks as other
devices," Verizon said in its Mobile Security Index 2019 report.
"Most phishing attacks and badly coded sites can affect them;
mobile users might even be more vulnerable. And there are also
mobile-specific exploits—like malicious apps and rogue wireless
hotspots."

Companies not meeting bare minimum mobile security
standards

"And yet again this year, we found that many companies are
failing to protect their mobile devices," the company said. "And
we’re not talking about some almost-impossible-to-achieve gold
standard. We're talking about companies failing to meet even a
basic level of preparedness."

This is not due to a lack of awareness, as over 80 percent of
respondents said their companies were at risk from mobile threats
and 69 said those risks have increased over the past year. At the
same time over two-thirds of respondents said they are less
confident in the security of their organization's mobile devices
compared to other systems.

Almost half of respondents admitted that their organizations
sacrificed mobile security to get the job done faster and nearly
half of those that cut corners experienced a mobile-related
security compromise. Meanwhile, less than 25 percent of those
that didn't sacrifice security for speed and profit had a
mobile-related compromise.

Around 60 percent of incidents were described as major and 40
percent as major with lasting repercussions. Over half resulted
in the loss of data and 58 percent also led to the compromise of
other devices.

Mobile security perception doesn't match reality

Verizon found that there is a perception gap because over 80
percent of organizations believe their precautions are either
effective of very effective but less than 12 percent had actually
implemented all four basic protections: encrypting data on public
networks, changing default passwords, regularly testing security
systems and restricting access to data on a "need to know" basis.

Eight in ten companies were also confident that they would be
able to spot a problem quickly, but the study revealed that in 63
percent of cases, compromises were reported by a third party such
as a customer, partner or law enforcement. That's not surprising
giving that only two in three organizations had deployed at least
one solution that would help with detection of security
incidents: mobile endpoint security, data loss prevention or
security information and event management (SIEM).

"Far more respondents said that they plan to implement each of
the mobile security protections mentioned above in the next 12
months than had done so in the previous 12," Verizon said. "We
could interpret this as more companies having realized the need
to improve their defenses and starting to take action. But a
comparison with last year’s stats suggests that this is more
likely to be over confidence. While they may hope, and even plan,
to introduce additional protections, many will fail to do so."

Organizations were most concerned with mobile-related threats
posed by current or former employees, followed by those posed by
organized cybercriminal groups, hacktivists, state-sponsored
actors and partners. However, Verizon found that less than a
fifth of organizations had comprehensive acceptable use policies
(AUPs) that covered mobile device use.

The Verizon report includes a table with recommendations for
improving the security of mobile devices in the enterprise. It is
broken down in types of actions like assessing, protecting,
detecting and responding and the level of sophistication:
baseline, better and best.